I came by this thread in the Bitcoin github repo related to a potential Slowlrois DOS attack.
tl;dr If the IP of nodes is publically known, you can DOS each of them by maxing out their inbound connections through long-running HTTP requests (send headers periodically and never finish the requests). There’s no real solution to this but just mitigations per the wiki page.
Searching for slowlrois
didn’t bring up anything in the libp2p Github repo [3] so I was wondering if this has been discussed or explored? I’m sure that a combination of configurations related to max # of connections, max connections keep-alive, etc, can help mitigate it but has it been battle tested?
[3] github.comlibp2p/go-libp2p